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PASSWORD PROTECTION 



This invention relates to password protection and particularly, but not 
exclusively, to a method of updating a password by direct user input from a 
telephone. 

In accordance with one aspect of the present invention, there is provided a 
method of managing password update for a password protected access system 
having a password store in which each entry comprises a respective network terminal 
identity store and an associated respective password store, the method comprising 
the steps of: 

making a call to a password change service from a network terminal, 
retrieving by the password change service from signalling information of the call 
received thereat the identity of the network terminal from which that call was made; 
receiving a new password entered at that network terminal; 

accessing the password store in accordance with the retrieved network 
terminal identity to find an entry whose stored network terminal identity matches 
that retrieved network terminal identity; and 

writing the received new password into the associated respective password 
store of an entry so found. 

An advantage of a method of the present invention is the avoidance, and 
consequent delay, of password resetting procedures performed by system 
administration personnel. 

In accordance with another aspect of the present invention, there is provided 
a password protected access system comprising means for receiving a call from a 
network terminal and for retrieving from signalling information of the call the identity 
of the network terminal from which that call was made, means for receiving from 
that network terminal information representative of a password, and means for 
updating the content of a respective password store associated with that network 
terminal identity by writing said information representative of a password into that 
associated respective password store. 

Specific embodiments of the present invention will now be described by way 
of example with reference to the drawing in which Figure 1 shows component parts 
of a password change service of the present invention. 
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By way of background to the present invention, it is known for password 
protected access to, for example, a remote database holding a user's personal 
information, to be performed by user providing a user identity, also called a username 
or a userlD, to identify the particular stored information which the user is requesting 
access to, and a password. The user identity is commonly a set of letters, often the 
initials of the user's names, e.g. dje or rgb. The provided password is compared with 
a password previously provided by the user and stored in association with the user 
identity, and, if there is a match, the user is granted access. 

In this known arrangement, if the user forgets his password, he has to 
contact the system administrator responsible for the database, provide sufficient 
proof of his identity, and request a reset of his password. The system administrator 
has to effect a change of the recorded password to a nominal password, for example 
"password", and notify the user of that nominal password. The user can thereafter ' 
access his information using that nominal password, but for security reasons usually 
performs a change password procedure to change that nominal password to one 
which is more secure. In this change password procedure, the user is asked to enter 
the existing password, then his newly chosen password, and, for confirmation, to 
enter the new password again. 

In the present invention, the user identity is not in the form of the user's 
initials, but is a nominated network terminal identity, which in this embodiment is a 
telephone number, and this will usually be the number of the user's home or work 
telephone. Herein the terms nominated telephone number and nominated telephone 
are used synonymously and interchangeably. 

For normal access, the user calls the password protection system from any 
telephone, and when prompted for a user identity he enters the nominated telephone 
number via the keypad, or speaks it if there is an interactive voice response unit (IVR) 
at the password protection system. The user will then be prompted in the usual 
manner for entry of his password, which, likewise, he enters via the keypad or the 
IVR. 

If the user has forgotten his password, he makes a call from the telephone 
corresponding to the nominated number, i.e. the nominated telephone, to a password 
change service of the password protection system. On receipt at the password 
protection system of the incoming call from the user, the signalling information is 
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examined and the content of the calling line identity field (CLI) is retrieved, and the 
user is prompted to enter a new password, via keypad or the IVR. This new 
password is then stored in place of the previously stored password in association 
with the user identity in the form of the retrieved CLI, i.e. the nominated telephone 
5 number. 

This password change procedure avoids the inefficient use of system 
administration personnel, the delay to the user when such system administration 
personnel perform a manual change, and the risk that the user fails to change from 
the nominal password, which is inherently insecure, to a more secure password. 
0 In a specific embodiment shown in Figure 1, the password protected 

information is a electronic personal telephone or email address book remotely stored 
on a database 10, accessed via a data network 12, such as the Internet or a 
corporate intranet, and a server 14. 

The user activates a computer 16 at any suitable site, and launches a 
5 browser in known manner to access the server 14. He receives from the server 14 an 
access page having text boxes for the entry of a user identity and a password. Using 
the keyboard, the user enters the nominated telephone number for the user identity, 
and the current password. The server 14 performs a comparison of the entered 
password with the stored password associated with that user identity, and upon a 
) match permits the user access to his address book. 

If the user has forgotten his password, or if someone has managed to obtain 
access to the user's nominated telephone, say his work telephone, and change the 
password, then the user makes a call from his work telephone 20, via a telephone 
network, for example a private telephone network 22, to a predetermined destination 
► terminal number at a CTI system 24 operating a change password service. 

As shown in the Figure, the change password service is operated by a CTI 
system 24 which is at a geographically separate location from the server 14. In 
variants, the CTI system 24 operating a change password service can be local to the 
server 14, or that function can even be made integral with the server 14. 
' In the present embodiment, the CTI system 24 will send the user's identity 

(CLI) and new password to the database 10. Thus in this specific embodiment, the 
CTI system 24 constitutes means for receiving a call from a network terminal and for 
retrieving from signalling information of the call the identity of the network terminal 
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from which that call was made, means for receiving from that network terminal 
information representative of a password, and means for updating a current 
password stored in association with that network terminal identity by replacing it 
with said information representative of a password. In a variant, the CTI system 24 
5 sends the user's identity (CLI) and new password to the database 10 via the server 
14. 

The change password service is also responsible for establishing a new user 
area in the database. A new user makes a call to the change password service, and 
upon prompting for a telephone number enters a telephone number, and upon 
0 prompting for a password the user either enters a password or, if the user chooses 
not to provide a password at this initial area set up stage, terminates the user area 
set up procedure in some appropriate manner, e.g. by going on hook or entering "#" 
on the keypad. This entering of a telephone number by the user constitutes direct 
provision of a network terminal identity by the user. The change password service 
5 now communicates with the database 10 and requests the allocation of a new user 
area, i.e. a telephone number store and an associated password store, and provides 
that entered telephone number to the database 10, together with the entered 
password, if provided by the user at this stage. 

If the user enters a password at the password prompt, the database 1 0 sets 
0 a Password Set flag associated with that newly established user area. If the user did 
not enter a password at the password prompt, the content of the password store in 
that user area remains filled with null characters, and the Password Set flag remains 
reset. The establishing of a new user area can alternatively be performed by system 
administration personnel upon receipt of the required information from a new user 
5 via, for example, the postal service. Once a new user area has been established, the 
user then updates the latest recorded password in his area using the method of the 
present invention by making a call to the change password service from the 
nominated telephone. It will be understood that the latest recorded password can be 
any of: null characters when the user has set up a new area but has not provided a 
0 password; or an initially provided password; or the password entered at the latest 
use of the change password service. 

In a variant, the new user area can be set up via the user's computer 16 by 
downloading a set up page from the server 14, entering the nominated telephone 
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number and, if required at this stage, a password, in respective text entry boxes, and 
clicking on a submit button in known manner. This entering of a telephone number by 
the user constitutes direct provision of a network terminal identity by the user. 

In a further variant, since the change password service retrieves a CLI from 

5 an incoming call, the user can indicate to the change password service, by entering # 
on the telephone keypad, that he wishes that CLI to be used as the nominated 
telephone number. This utilising by the change password service of the CLI in 
response to a command ("#") from the user constitutes indirect provision of a 
network terminal identity by the user. The change password service will respond by 

0 requesting the user to enter a password. If the user is merely setting up a new user 
area and intending to defer providing a password, he need not supply a password at 
this time, and can indicate this by again entering #. 

Whereas it is most convenient for the nominated telephone number to be the 
telephone where the user is most likely to be located when he needs to call the 

5 change password service, it need not be so. As an example of a different procedure, 
a user may nominate the telephone number of a trusted person, e.g. his father, living 
in a completely different area to where he works, possibly even a different country. 
The present invention will still work, provided that the calling line identity is 
delivered. The user now calls his trusted person, gives him a new password and asks 

0 him to call the change password service and enter the new password when 
prompted. 

Unless the context clearly requires otherwise, throughout the description and 
the claims, the words "comprise", "comprising" and the like are to be construed in an 
inclusive as opposed to an exclusive or exhaustive sense; that is to say, in the sense 
5 of "including, but not limited to". 
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CLAIMS 



1. A method of managing password update for a password protected access 
system having a password store in which each entry comprises a respective network 
terminal identity store and an associated respective password store, the method 
comprising the steps of: 

making a call to a password change service from a network terminal, 
retrieving by the password change service from signalling information of the call 
received thereat the identity of the network terminal from which that call was made; 
receiving a new password entered at that network terminal; 

accessing the password store in accordance with the retrieved network 
terminal identity to find an entry whose stored network terminal identity matches 
that retrieved network terminal identity; and 

writing the received new password into the associated respective password 
store of an entry so found. 

2. A password protected access system comprising means for receiving a call 
from a network terminal and for retrieving from signalling information of the call the 
identity of the network terminal from which that call was made, means for receiving 
from that network terminal information representative of a password, and means for 
updating the content of a respective password store associated with that network 
terminal identity by writing said information representative of a password into that 
associated respective password store. 

3. A method of managing password update for password protected access, the 
method being substantially as hereinbefore described with reference to the drawing. 

4. A password protected access system substantially as hereinbefore described 
with reference to the drawing. 
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El the description, claims or drawings (indicate particular elements beloW) or said claims Nos. 6-10 are so 
unclear that no meaningful opinion could be formed (specify): 
see separate sheet 

□ the claims, or said claims Nos. are so inadequately supported by the description that no meaningful opinion 
could be formed. 

□ no international search report has been established for the said claims Nos. . 

2. A meaningful international preliminary examination cannot be carried out due to the failure of the nucleotide 
and/or amino acid sequence listing to comply with the standard provided for in Annex C of the Administrative 



Instructions: 

□ the written form has not been furnished or does not comply with the standard. 

□ the computer readable form has not been furnished or does not comply with the standard. 

V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 



because: 




1. Statement 



Novelty (N) 



Yes: 



Claims 1-5 
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Claims 



Inventive step (IS) 



Yes: 
No: 



Claims 
Claims 
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Industrial applicability (IA) 



Yes: 
No: 



Claims 
Claims 



1-5 



2. Citations and explanations 
see separate sheet 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 



VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 
see separate sheet 
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Re Item III 

Non-establishment of opinion with regard to novelty, inventive step and 
industrial applicability 

1 . Dependent claims 6 to 10 contain no additional limiting features beyond a mere 
reference to the single drawing figure. According to Rule 6.2(a) PCT, claims 
should not contain such references except where absolutely necessary, which is 
not the case here. Claims 6 to 10 thus provide no additional examinable material 
and so should have been omitted. 



Re Item V 

Reasoned statement under Article 35(2) with regard to novelty, inventive step or 
industrial applicability; citations and explanations supporting such statement 

1 . Reference is made to the following documents: 

D1 : EP-A-0 862 1 04 (Casio Computer Co Ltd) 2 September 1 998 (1 998-09-02) 

D2: EP-A-0 541 435 (Fujitsu Ltd) 12 May 1993 (1993-05-12) 

D3: Patent Abstracts of Japan vol. 1995, no. 08, 29 September 1995 (1995-09- 

29) & JP 07 12951 1 A (Nippon Telegraph & Telephone Corp), 19 May 1995 

(1995-05-19) 

D4: EP-A-0 745 924 (AT & T Corp) 4 December 1996 (1996-12-04) 

2. The subject-matter of claims 1 to 4 is distinguished from the cited prior art disclo- 
sures by the feature, common to each claim, that the password update service 
retrieves from signalling information of the received call the identity of the network 
terminal from which the call is made and atrcesses the password store in accord- 
ance with the retrieved identity. Since this feature is neither known from, nor 
suggested by, the cited prior art, the claims exhibit novelty and inventive step. 

3. Independent claim 5 does not contain the distinguishing feature referred to above. 
Instead it merely defines the step of requesting the user to enter his nominated 
terminal identity and password. According to the description at page 3, lines 3 to 
4, the nominated terminal identity merely fulfills the function of a user identity. 
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3.1 The prior art is replete with examples of a user supplying a user identity of one 
sort or another, and this UID being compared against a stored value. Claim 5 
gives no indication as to why, within the scope of the activities defined in that 
claim, the use of a nominated terminal identity as a user identity, to be supplied 
manually by the user, would introduce any new or surprising technical effect when 
compared to the use of any other kind of identity as a user identity, when supplied 
manually by the user. Thus the use in claim 5 of a nominated terminal identity as a 
user identity does not confer inventive step. 

3.2 For the rest, claim 5 merely defines completely ordinary activities which are either 
known or obvious, from D3 for example. In D3, as acknowledged by the 
Applicant, "a person makes a telephone call to the system and provides his 
identifier IDn (which equates to the user identity in claim 5) and his old PIN Pn1 
(which equates to the password in claim 5). A part 2 receives this data (IDn and 
PN1) and authenticates (confirms) the person from the corresponding stored data 
for that person". This is what is defined in claim 5. 

3.3 The fact that, in D3, the person makes the telephone call for the purpose of 
changing his PIN, the system is a PIN alteration system, and the part 2 is a PIN 
alteration information temporary storing part, merely relates to the intended 
purpose in D3 of the authenticating procedure (i.e. to permit changing a 
password). This fact does not make the initial authenticating procedure in D3 any 
less relevant to claim 5 from the standpoint of obviousness. 

Re Item VII 

Certain defects in the international application 

& 

1 . The amendments filed with the letter dated 9.7.2001 introduce subject-matter 
which extends beyond the content of the application as filed, contrary to Article 
34(2)(b) PCT. The amendments concerned are the following: 

1.1 In claiml , lines 1 4 to 15, claim 2, lines 31 to 32, claim 3, line 1 8 and claim 4, line 4 
the phrase "playing an announcement to the caller". In the originally filed 
application documents only the terms "prompted" (description, page 3, line 2) and 
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"requesting" (description, page 5, line 10) are used. 

1 .2 In claim 3, line 5 (i.e. the first line) the term "registering". In the originally filed 
application documents the term "establishing" is used (description, page 4, line 7). 

1 .3 In claim 3, lines 9, 10 and 20, and in claim 4 at corresponding positions the term 
"management". There is no reference whatsoever in the originally filed application 
documents to this activitiy as such. 

1 .4 In the description at page 1 , lines 5 to 6 the sentence relating to synonymous use 
of the terms "updating" and "changing". 

1 .5 In the description at page 3, lines 6 to 10 the sentence relating to an advantage. 

1 .6 In the description at page 7, lines 25 to 26 the phrase "also ... management 
service". There is no reference whatsoever in the originally filed application 
documents to this activitiy as such. 

1.7 The entire paragraph in the description at page 9, lines 10 to 28. 

2. The features of the claims are not provided with reference signs placed in 
parentheses (Rule 6.2(b) PCT). 

3. The description does not conform to an acceptable set of claims as required by 
Rule 5.1(a)(iii)PCT. 



Re Item VIII ^ 
Certain observations on the international application 

1. Claims 1 to 4 are unclear since each defines an "entry" in the password store as 
itself comprising a "store", for example "a respective network terminal identity 
store" and "an associated respective password store". An entry in a store is 
actually an item of data and not a store per se. The word "store" should have 
been omitted from these terms. By contrast, claim 5 defines the terms correctly. 
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PASSWORD PROTECTION 

This invention relates to password protection and particularly, but not 
exclusively, to a method of updating a password by direct user input from a 
telephoned 

In accordance with one aspect of the present invention, there is provided a 
method of managing password update for a password protected access system 
having a password store in which each entry comprises a respective network terminal 
identity store and an associated respective password store, the method comprising 
10 the steps of: 

making a call to a password change service from a network terminal, 
retrieving by the password change^ service from signalling information of the call 

received thereat the identity of the network terminal from which that call was made; 

\ 



15 




20 



receiving a new password entered at that network terminal; 

\ 

accessing the password store in accordance with the retrieved network 
terminal identity to find an entry whose storecKnetwork terminal identity matches 
that retrieved network terminal identity; and 

writing the received new password into the associated respective password 
store of an entry so found. 

An advantage of a method of the present invention\^s the avoidance, and 
consequent delay, of password resetting procedures performed by system 
administration personnel. 



In accordance with another aspect of the present invention, ttaere is provided 

a password protected access system comprising means for receiving^ call from a 

\ 

25 network terminal and for retrieving from signalling information of the call the identity 
of the network terminal from which that call was made, means for receiving from 
that network terminal information representative of a password, and means for 

updating the content of a respective password store associated with that network 

\ 

terminal identity by writing said information representative of a password into that 
30 associated respective password store. 

Specific embodiments of the present invention will now be described by way\ 
of example with reference to the drawing in which Figure 1 shows component parts 
of a password change service of the present invention. 



25773con.doc 




2 

By way of background to the present invention, .it is known for password 
protected access to, for example, a remote database holding a user's personal 
information, to be performed by user providing a user identity, also called a username 
or a userlD, to identify the particular stored information which the user is requesting 
5 access to, and a password. The user identity is commonly a set of letters, often the 
initials of the user's names, e.g. dje or rgb. The provided password is compared with 
a password previously provided by the user and stored in association with the user 
identity, and, if there is a match, the user is granted access. 

In this known arrangement, if the user forgets his password, he has to 

10 contact the system administrator responsible for the database, provide sufficient 
proof of his identity, and request a reset of his password. The system administrator 
has to effect a change of the recorded password to a nominal password, for example 
"password", and notify the user of that nominal password. The user can thereafter 
access his information using that nominal password, but for security reasons usually 

1 5 performs a change password procedure to change that nominal password to one 
which is more secure. In this change password procedure, the user is asked to enter 
the existing password, then his newly chosen password, and, for confirmation, to 
enter the new password again. 

In the present invention, the user identity is not in the form of the user's 

20 initials, but is a nominated network terminal identity, which in this embodiment is a 
telephone number, and this will usually be the number of the user's home or work 
telephone. Herein the terms nominated telephone number and nominated telephone 
are used synonymously and interchangeably. 

For normal access, the user calls the password protection system from any 

25 telephone, and when prompted for a user identity he enters the nominated telephone 
number via the keypad, or speaks it if there is an interactive voice response unit (IVR) 
at the password protection system. The user will then be prompted in the usual 
manner for entry of his password, which, likewise, he enters via the keypad or the 
IVR. 

30 If the user has forgotten his password, he makes a call from the telephone 

corresponding to the nominated number, i.e. the nominated telephone, to a password 
change service of the password protection system. On receipt at the password 
protection system of the incoming call from the user, the signalling information is 
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examined and the content of the calling line identity field. (CLI) is retrieved, and the 
user is prompted to enter a new password, via keypad or the IVR. This new 
password is then stored in place of the previously stored password in association 
with the user identity in the form of the retrieved CLI, i.e. the nominated telephone 
5 number. 

This password change procedure avoids the inefficient use of system 
administration personnel, the delay to the user when such system administration 
personnel perform a manual change, and the risk that the user fails to change from 
the nominal password, which is inherently insecure, to a more secure password. 

10 In a specific embodiment shown in Figure 1, the password protected 

information is a electronic personal telephone or email address book remotely stored 
on a database 10, accessed via a data network 12, such as the Internet or a 
corporate intranet, and a server 14. 

The user activates a computer 16 at any suitable site, and launches a 

15 browser in known manner to access the server 14. He receives from the server 14 an 
access page having text boxes for the entry of a user identity and a password. Using 
the keyboard, the user enters the nominated telephone number for the user identity, 
and the current password. The server 14 performs a comparison of the entered 
password with the stored password associated with that user identity, and upon a 

20 match permits the user access to his address book. 

If the user has forgotten his password, or if someone has managed to obtain 
access to the user's nominated telephone, say his work telephone, and change the 
password, then the user makes a call from his work telephone 20, via a telephone 
network, for example a private telephone network 22, to a predetermined destination 

25 terminal number at a CTI system 24 operating a change password service. 

As shown in the Figure, the change password service is operated by a CTI 
system 24 which is at a geographically separate location from the server 14. In 
variants, the CTI system 24 operating a change password service can be local to the 
server 14, or that function can even be made integral with the server 14. 

30 In the present embodiment, the CTI system 24 will send the user's identity 

(CLI) and new password to the database 10. Thus in this specific embodiment, the 
CTI system 24 constitutes means for receiving a call from a network terminal and for 
retrieving from signalling information of the call the identity of the network terminal 
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from which that call was made, means for receiving frcpm that network terminal 
information representative of a password, and means for updating a current 
password stored in association with that network terminal identity by replacing it 
with said information representative of a password. In a variant, the CTI system 24 
5 sends the user's identity (CLI) and new password to the database 10 via the server 
14. 

The change password service is also responsible for establishing a new user 
area in the database. A new user makes a call to the change password service, and 
upon prompting for a telephone number enters a telephone number, and upon 

10 prompting for a password the user either enters a password or, if the user chooses 
not to provide a password at this initial area set up stage, terminates the user area 
set up procedure in some appropriate manner, e.g. by going on hook or entering "#" 
on the keypad. This entering of a telephone number by the user constitutes direct 
provision of a network terminal identity by the user. The change password service 

15 now communicates with the database 10 and requests the allocation of a new user 
area, i.e. a telephone number store and an associated password store, and provides 
that entered telephone number to the database 10, together with the entered 
password, if provided by the user at this stage. 

If the user enters a password at the password prompt, the database 10 sets 

20 a Password Set flag associated with that newly established user area. If the user did 
not enter a password at the password prompt, the content of the password store in 
that user area remains filled with null characters, and the Password Set flag remains 
reset. The establishing of a new user area can alternatively be performed by system 
administration personnel upon receipt of the required information from a new user 

25 via, for example, the postal service. Once a new user area has been established, the 
user then updates the latest recorded password in his area using the method of the 
present invention by making a call to the change password service from the 
nominated telephone. It will be understood that the latest recorded password can be 
any of: null characters when the user has set up a new area but has not provided a 

30 password; or an initially provided password; or the password entered at the latest 
use of the change password service. 

In a variant, the new user area can be set up via the user's computer 16 by 
downloading a set up page from the server 14, entering the nominated telephone 
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number and, if required at this stage, a password, in respective text entry boxes, and 
clicking on a submit button in known manner. This entering of a telephone number by 
the user constitutes direct provision of a network terminal identity by the user. 

In a further variant, since the change password service retrieves a CLI from 
5 an incoming call, the user can indicate to the change password service, by entering # 
on the telephone keypad, that he wishes that CLI to be used as the nominated 
telephone number. This utilising by the change password service of the CLI in 
response to a command ("#") from the user constitutes indirect provision of a 
network terminal identity by the user. The change password service will respond by 

10 requesting the user to enter a password. If the user is merely setting up a new user 
area and intending to defer providing a password, he need not supply a password at 
this time, and can indicate this by again entering #. 

Whereas it is most convenient for the nominated telephone number to be the 
telephone where the user is most likely to be located when he needs to call the 

15 change password service, it need not be so. As an example of a different procedure, 
a user may nominate the telephone number of a trusted person, e.g. his father, living 
in a completely different area to where he works, possibly even a different country. 
The present invention will still work, provided that the calling line identity is 
delivered. The user now calls his trusted person, gives him a new password and asks 

20 him to call the change password service and enter the new password when 
prompted. 

Unless the context clearly requires otherwise, throughout the description and 
the claims, the words "comprise", "comprising" and the like are to be construed in an 
inclusive as opposed to an exclusive or exhaustive sense; that is to say, in the sense 
25 of "including, but not limited to". 
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CLAIMS 

1 . A method of managing password update for a password protected access 
system having a password store in which each entry comprises a respective network 

5 terminal identity store and an associated respective password store, the method 
comprising the steps of: 

making a call to a password change service from a network terminal, 
retrieving by the password change service from signalling information of the call 
received thereat the identity of the network terminal from which that call was made; 
10 receiving a new password entered at that network terminal; 

accessing the password store in accordance with the retrieved network 
terminal identity to find an entry whose stored network terminal identity matches 
that retrieved network terminal identity; and 

writing the received new password into the associated respective password 
1 5 store of an entry so found. 

2. A password protected access system comprising means for receiving a call 
from a network terminal and for retrieving from signalling information of the call the 
identity of the network terminal from which that call was made, means for receiving 

20 from that network terminal information representative of a password, and means for 
updating the content of a respective password store associated with that network 
terminal identity by writing said information representative of a password into that 
associated respective password store. 

25 3. A method of managing password update for password protected access, the 

method being substantially as hereinbefore described with reference to the drawing. 

4. A password protected access system substantially as hereinbefore described 

with reference to the drawing. 
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ABSTRACT 
PASSWORD PROTECTION 
In password protection access, a nominated telephone number is used as the 
user identity associated with the protected information. If the user needs to change 
5 his password, he makes a call from the nominated telephone to a change password 
service, which automatically retrieves the calling line identity from the signalling 
information of the incoming call, prompts for a new password, receives the new 
password from the user, and records the new password in place of the previous 
password. There is no involvement of system administration personnel, and no 
10 consequent delay while a manual reset of the user's password is effected. 
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Figure (1) 




Fig.1 
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PASSWORD PROTECTION 

This invention relates to password protection and particularly, but not 
exclusively, to a method of updating a password by direct user input from a 
5 telephone. In this application, the terms updating and chstricjmg are used 
synonymously. 

European Patent Application EP 0 862 104 A (Casio Computer Co.. Lid.) 
discloses an authentication system in which a user's terminal r!i*vic<; slorcs the 
user's uscrname and his password, and for each access attempt fiuth^niictuion is 
10 bgsod upon the username and password read out of.lhe store in th* terminal device 
and sent to the authentication server. This avoids the nesd for fho user to remember 
his username and password. There is also disclosed the use ihy telephone nw»nli«r 
of the terminal device as the user's usdrname, and obtaining this telephone iiumli«sr 
from the incoming access attempt call. Thus, in this case only the user* password 

15 is required to be read from the store in the terminal devices and tswii to th« 
authentication server. 

European Patent Application £P 0 541 435 A (Fujitsu Limit*d> ilisuioss-j un 
authentication system in which a caJler provides a username and a pMjswyrd, which 
are checked. If they mateh an existing entry, the telephone nwmhur from which that 

20 current access attempt is being made is dbtafned from rhu incimiinfj call, srnrnrf for 
use w/th the next access attempt for that username and compared wuh H.« 
corresponding telephone number stored for'the previous access attempt. If rhera is 
no match, a. warning message is played and the caller is requested to cntftr a second 
password. This system helps to prevent fraudulent use v\ a person's uwtfrnanie cind 

25 password from a telephone different from the one that the person normally uses. 

European Patent Application 5P 0 745 924 A (AT&T>'disclt;sit:* u method of 
authenticating user terminal access to a service provider by mi*.-imu q* y service 
bureau. The service bureau sets up a new user terminal for password authenticated 
access by encrypting the calling line identity (CLi) associate!- with that user's ■ 

30 terminal, which the service bureau obtains from a necwork-baKiirj automatic number 
identification (AND unit, and sending the encrypted CLI to the wsiv** terminal for 
storage as a password. When the user desires access to the service provider, he 
makes a call from his user terminal to the service bureau, which encrypts the CLI of 
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that call, automatically retrieves the password stored in tho user's i«n*niiv<l and. 
upon finding a match between the retrieved password and ihu newly encrypted CU, 
permits access to the service provider. 

The service bureau is programmed for automatically ehangfncj the password 
5 stored in The user's terminal. This change is affected following nurrnal anthoruicutjon 
of a user terminal by the service bureau re-encrypting the CU usiruj i\ diffcrwnt 
encryption Key, and sending the newly-encrypted CU to the user's tormina! to be 
stored for use instogd of the previously stored password. 

Japanese Patent t Application JP 07 129511 .A . (Nippon I ulmjruph and 

10 Telephone Corporation} discloses a method of changing a user's pu^word in which 
the. user contacts tha password change service (PC5J from a telephone previously 
designated to the PCS, gives his user ID„ and then enters a new pM^ywurd. Tho PCS 
looks up the user's 10 in its database and retrieves the designate! telephone? number 
associated with that user's ID. The PCS makes a call to that dusignatnri Ldephvno 

15 number and requests the user to enter the password again. The PCS c^mpures this 
second enrarad password with ihe first entered password, and upon <j myUh writes 
ihf* pnssworrf to its database in association with that user's ID, 

in accordance with a firsi aspect of the present invention, chert; to yruviUud 
ci method of password update for a password protected access sysium having a 

20 password score in* which each entry is constituted by a respective network terminal 
ideniicy siur«i and an associated respective password stnr^, ihe method comprising 
the steps of: 

receiving at a password update servica a call from a network tarmin;*!; 
retrieving by the password update service from signalling intonitavion of Uml 
Z5 received call the identity of the network terminal from which that call was hi*(ie; 

accessing The password store in accordance with the retrieval nntwork 
terminal identify; and 
characterised by the steps of: 

upon locating an entry whose stored network terminal iibtniiiy mk»U;1m;>; lh;ii 
30 retrieved network terminal identity, playing an announcement tc the coU^i requesting 
the entry of a password at that network terminal; and 



:TPf,z<3it;03/O7/20Ol 18: 17 EmPf .nr.: 156 P.012 



AMENDED SHEET 



4. SEP. 200 1 16:10 . E?A iWENCHEN *49 39 23334465 Hi 90 1 7 S. 12 



upon receipt at the password update service of a password entered fn 
• response to Chat request, writing that received password into ih M .i.tsocrated 
respective password store of the located entry. 

An advantage of a method of the present invention is the avoidance of 
S , manual password resetting procedures performed by system administration 
personnel. Another advantage Is that it is a quick and simple nne-sTtfp password 
entry procedure that does not involve any call-back lo a designate numbor, and 
thus avoids any problems that would ansa should that designated number have 
special call handling set, such as divert, which would result !n that coll not bfing 
10 delivered to the designated number. 

In accordance with a second aspect of the present invention. ther& is 
provided a password protected access system having a password store in which 
g*ch entry is constituted by a respective network larminal identity wcore and an 
associated respective password store, and including a password upriare system 
15 comprising: 

means for receiving a call from a network terminal: 

means for retrieving from signalling Information of that received call the 
Identity Of the network terminal from which that call was made; wind 

means for accessing the password store in accordance with the retrieved 
7.0 natworK terminal identity; ond 
characterised by; 

means responsive to a successful location of an entry whnsa rUorud network 
terminal identity matches that retrieved network terminal identity, for playing an 
announcement to the caller requesting the entry of a password c%\ |h;jt network 
25 terminal; and 

maans responsive to receipt of a password entered in response to that 
request, for writing that received password into the a$:ioc;i'*u*<*J r«v^cctiv« password 

store of the located entry. 

In accordance with a third aspect of the present rimjruinji. liters is provided 
30 a method of registering a new user of a password protected access uysUim having n 
password store in which each entry, is constituted by o respective network terminal 
identity stare end an associated respective password atore. thv method comprising 
the steps of: 
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receiving at 3 password management service 3 coll from y netwgrK terminal; 

retrieving by the password management service from signalling informatinn 
of that received call the identity of the network terminal from which (hut call was 
made; 

5 accessing the password store in accordance with the retrieved nmwork 

terminal identity;' 

upon failure to locate an entry whose stored network terminal identity 
. matches that retrieved network terminal identity, making a new entry in respect of 
that retrieved network terminal identity; 

10 playing an announcement to thecaller requesting th« uniry nf a password ac 

that network terminal; and 

upon receipt at the password management service of a password «mer*d in 
response to that request, writing that received posswnrrJ into ih* associated 
respective password score of the newly made entry. 

in accordance with a fourth aspect of the present inventing ihcru is 
provided a password protected access system having a password «toro in which 
each entry is constituted by a respective network terminal identity store oncJ nn 
oissocisfcw-*- ,'5>p^^, - password store, end including a pussworrJ management 
system comprising; 

2C means for receiving a call from a network terminal; 

means for retrieving from signaJIfng information of rhut received c;»H the 
identity of the network terminal from which that call was mart*; wnvf 

means for accessing the password store in accordance with fh* retrieved 
network terminel Identity; and 
Z5 charactarised by: 

means responsive to en unsuccessful location ol an cntty whose smrtu'J 
network terminal' identity matches that retrieved n^twvirk terminal identity, fur 
making a new entry in respect of that retrieved network terminal identity and for 
triggering the playing of an announcement to the caller requesting ihu entry of a 
30 password at that network terminal; and 

means responsive to receipt of a password entervd in rer.pnnyu to that 
request, for writing that received password Into the associated respective password 
store of the newly made entry. 
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In accordance with a fifth aspect of the present Invention. «h.,. ; , provi0tfd 
a method of user authentication in a password protected ar.e Ma 6VS , Sm hilviny a 
password .tor. in which ..eh entry is constituted by a r«p.eBv. u.«r.„ w „, n<l t^ 
network tormina, identity and an assisted rcapoctive p aMWOrU . th . n|Mhp|f 

5 comprising the steps of: 

in response to receipt at the password protected ii C i»s* . v .,om of a calf 
from . calling user at a network terminal, requesting the calling u30f t0 VMW at lha , 
network terminal his nominated terminal Identity end password; 

receiving the entsrad terminal identity end password; 

10 accessing th. password store in accordance with rh« rccsivm* *ni«reti 

Terminal identity: and 

upon locating an entry whose stored network terminal .comity and 
associaxad password match the received entered terminal identity and password, 
authenticating that calling user. 

1 5 Specific embodiments of the present invention will now tm described by way 

of sample with reference to the drawing in which figure l' show* compon.ni ports 
of a password change service of the present invention. 

' •"- jresejfit »nvention, it is knnwn for password 

protected access to, for example, a remote database holdinn u user s pwsonul 
7.0 information, to be performed by liSS . providing a user idfintiiy Mscr ID y r uscr/O). 
also .sailed a username. to id B ntify th« particular stored in form* tion which eiiu user i s 
requesting access to. and a password. The user identity i. commonly t . s , ;t or letters, 
often the initials of the user's n .m... e.g.'dje or rgp. The provided password is 
compared with a password previously provided by the user and s.„rcu in 9 s M nciar.on 
25 with tha us«r identity, and. if there is a match, the user is granted uec9 , M . 

In this known arrangement, if the user forgets his password. h« iy 
contact rh* system administer sponsible for the cJaraonsu. «,rovui„ *,,m„W„n 
proof of his identity, and request a reset of his password. The system adrt.inir.irr.ior 
has to effect a change of the recorded password to a nominal ,« 5S word. for „xan n >m 
30 -password", and notify the user of that nominal password. Th„ „ 3B , C1M1 ther Sa f fa r 
acce« hi, information using that nominal password, but for security rWliws USUll „ y 
performs a change password procedure to chang. that nominal password To one 
which j, rT ,urc secure, in this cha„ g , password procedure, the us*r is askorl tw enter 
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the existing password, then his newly chosen password, and, -for confirmation, to 
enter the new password again. 

In the present invention, the user identity is not in the fgrrn of the' user's 
initials, but is a nominated network Terminal identity, which in thia umht'irjimuML fa a 
5 telephone number, and this will usually be the number of th» user'^hnme or work 
telephone. Herein the terms nominated telephone number and nominated veleohane 
arc used synonymously and Interchanyeabfy, 

For normal access, the user calls the password protection system from any 
telephone and when prompted for a user identity he enters the nnminaiuU telephone 
10 number via tho keypad, or speaks it if there is an interactive vniou rcsponw* unit 
(IVR) at the password protection system. The user will then Uc* prompted -m Uie 
usmoI manner for entry of his password, which, likewise, ho enr«/y vi* th« keypad. or 
the IVF7. 

If the user has forgotten his password, he makes a call from the telephone 
15 corre»pondiny to the nominated number, i.e. The nominated Telephone, ra a 
password change service of tha password protection system. On receipt at The 
password protection system of the incoming call fVorn the us»r, the signalling 
'■r,: jaw is s^a.-;>ined and the content of the calling line identity fluid (CU) is 
retrieved, and the user is prompted to enter a new password, via keypad or the IVH. 
20 This new password is then stored in placo of the previously stored password in 
association with eh* user identity in die form or the retrieved CLI. i.e. the nominaiAri 
telephone number. 

This password change procedurg avoids The inefficient u»* " vf' system 
administration personnel, the delay to the user when such systnm ttilmiMjstratiori 
25 personnel perform a manual change, and the risk that ch* user tails to U^nqc from 
Th* nominal password, which'is inherently insecure, to a murc'sccuro n^word. 

In a specific embodiment shewn in Fi;ure the password protected 
information is a electronic personal telephone or email address hook remotely stored 
on u database 10, accessed via a data network 12, such as fin: Internet or a 
30 corporate intranet* and a server 14. 

The user activates a computer 16 at any suitable site, and launches a 
browser in known manner to access the server 14. He receives from th« 5 r;rvcr 14 
an access page having text boxes for the entry of a usar identity and * password. 
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Using tH* keyboard, the user enters the nominatad telephone numbw for the user 
identity, and the current p U „ w „ rd . Trie server 14 performs a comparison of the 
tntcmcf password with the stored password associated with that user identity, end 
upon ;j match permits the user access to his address book. 

If the user ho, foreman his password, or it someone has m U n a g«d ro obtain 
access to thu user's nominated telephone, say his work teluohone 20. and chc,r,y« 
ihc password than the user mak« a ca » from his nominated r«i«phoim 20. via u 
Uilcphona network, for example a private telephone network 22. to a predetermined 
destination terminal number at 9 C TI system 24 operating a ch<mg« password 



1 0 yorviiiw. 



As shown in the Figure, Uio change password service is operated by a CTI 
syslem 24 which is at a geographically separate location from U>e server 14. in 
varum*, the CT| system 24 operating a change password servir,. can he lm:«l to the 
server In. „r that function con even be mode integral with the tiurvur V4. 
15 m th« present embodiment, the CTI system 2* will *«nd the us*,'* .rientity 

IWJJ and new password to the database 10. Thus in this specific embodiment, the 
CTI sy*r„m 34 UU n,tftut«.i means for receiving * call from a network ter.ni,»,| „„d far 
...V.jj information of r.he call the identity of the network terminal 
imm which th aT call wos made, means for receiving from that outwork terminal 
W information representative nf 0 password, un<i means for updating o <:„„„„, 
p«w* W ord stored in association with thai network terminal identity by rapl*,;,,,, it 
with «id information representative of o password. In a variant, the CTI system 24 
sends the user's identity (CLII and n«w password to the database io via w,« server 

?$ The, change password serviec. also' referred to in this rcsperc 0 « u password 

maiififiemune service, is also responsible for establishes, a new us»r orcy in the 
dar*t«ise. A new user makes a M „ to thc chonge password MPwrr . u# oncJ upQn 
prompting for a telephone number en ter 5 „ telephone number, and upoo ( uu,upU,uj 
for o password the user cither enters a password or, if the user ehour.nr. not (o 

HO proyirie a password at thi, initial area so. „p stage, terminates the u**r „„ up 
procedure in some appropriate manner, e.g. by going on hook or e.it*ri.«, T on the 
keypad. This entering of 3 telephone number by the user constitutes direct provision 
«.l o narwork terminal identity by the user . T he change p**,word service now 
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communicates with the database 10 and rsquestS the a/location of >. new user m . 

i.o. a Telephone number store and an associated password «o«,, ;il ,d provide thai. 

enters telaphene number to the database 10, together with the encarod password. 

if provided by the user at this stage. 
5 If tha user enters a password at the password prompt. U, c da t *u« sc 10 acts 

a Pusswprd Set flag associated with that newly established user are:,. II the user did 

not enter a password at the password prompt, the content of tha y^word MwtS 
thai user area remains filled with null characters, and the Password Set ria„ rcmyins 
react. The establishing of a new user area can arternativejy be pwformed hy uystcm 
10 administration personnel upon receipt of the required Information from * n«w user 
via. for example, the postal service. Once o new user arse ha;: bucm «su,bl, s »,cd. the 
usur than updates the latest recorded password in his area uaing the nitihvd of the 
prasenr invention by making a call to the change password smvico from the 
nominated telephone. It will be understood that the laresr recorded pas* word can ha 
1 5 any of; ngli characters when the user has set up a new area but luis not provided n 
password; or an Initially provided password; or the password amwad at diH latest 
use of the change password service. 

" " arsa can be set up viji the user's vornptjler 1(5 ' Jy 

downloading a set up page from the server 14. entering Th« n«mJn«i*d miephonc 
20 number and, if rcquirad at this stage, a password, in re*pw;iiv e tax, e „ t ry boxns. 
and clicking on a submit button in known manner. This cntarim, U l u lataphnna 
number by the user constitutes direct provision of 3 network terminal identity hy ..h* 



user. 



In a further variant, since the change password sarviea retrieves a CI I from 
25 an incoming call, the user can indicate to the change password a «rvice. hy storing 
# or, the telephone keypad, that he wishes that CLf to be used aa the nominated 
telephone number. This utilising by the change password s »rvicc of the CLI .* 
response lo a command (-#-) from the user constitutes indirect provision of a 
network terminal identity by tha user. The change password sorviea will respond by 
30 requesting the user to enter a password. If the user is merely setting lip a now .,s«r 
xno and intending to defer providing a password, he need noi supply a password :, t 
this time, and can indicate this by again entering *\ 
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Whereas it is most convenient for the nominated wtophono number to be the 
<«l«phon» whare the user i s ,„ ost ,* 9 , y t0 bu lo „ tert hR ^ Js ^ ^ ^ 

chans,. Miiword service, it need not be ,». a 5 an »an.pla of a different procure 
o uaar mov nominate th. telephone number of . trusted person, „,j. hi3 f Blh ur. livjng 
S ,n a comply different s, ea to where h a works , p 0 s sit> , v even a coljnrry 

Tl« pr«.nt invention will still work . provided tnat The caJ|jnfj ( . (e . $ 

covered. Th, use, now calls his trusted person, gives him . new p^sword and «*ks 
»«m to call the change password service and enter the new pa53woreJ w ,trm 
prompted. 

It will now be appreciated that the pre^nt invention i* conn«rn«d with n 
password change facility in a password protected access for human users, wh,.re 
those .. 3C rs have user identities in the form of network terminal identity (.-also 
referred to *s a network address). When a ysCr desires access to * paired target, 
a remote database such as mentioned above,, he dials the normal aceess number 
IS for the protection system from any terminal in the network, and provides to m* 
protection system his user identity and password by voica or key inp.u. n,u 
protection svswm uses that provided id— Uy to locate the user's entry and check* 
the provided password against Che stored password. The user dairies wh«„ i„. 
w,ms t! ' f;hiU, 9 c hi3 P«*wcrd, end dials the special number fur the passw.,,0 
20 "l™ 9 * -' c ". c '"' d astern. It is this change service that »bu,i„s the ' 

CI.I vi ih« call and upon receipt of the new passwordentered by thy uuer 
femteulatoly stores that newly received possword in association with U te( CU. Th« 
procedure of the presantinvemion is easy and quick, avoids any „ w «j to uaa known 
update procedures, and whenever the user wishes to update hi* password. whcUmr 
28 bocaws* he has forgotten it. or because he thinks that its security has b««r, 

compromised and he wishes to update it for security reasons, or becama h« thl,* a 
that he might have entered his intended new password incorrectly, or whatever. 
user only has to repeat the simple method of the present invention. ' 

The present invention distinguishes from the abovemenTioned A I ft I' 
30 disclosure which is not concerned with human user authentication, hut wiU- 
authentication of an actual terminal equipment by ensuring t>u.i ch« w „„in«l 
aquipmanc i. attached Co the network termination correspond^ with i ts original 
registration. The AT&T authentication system prevents a terming c<ui P m*nr rr„p, 
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being taken to a different network termination, i.e. teiephona l„ w ; but il Uvea „ y r 
provide any protection against a different human user activatiny tho tm»,i„ M l 
•quipm.ni; it does not require The user , 0 provide any person*! idcn.hy, but merely 
«ncrypt s the number provided by the network ANI equipment, i.e. lh « Cl.l: and it 
5 requires the terminal equipment to store that encrypted Clf as a password retrievable 
from the terminal equipment upon commend by the authentication system. 
Furthermore, it is the authentication system, and not the user, that decides when .o 
replae* the stored encrypted CU in the terminal equipment, tho, decides the new' 
encryption key, that generates the replacement password rather than „,«.-! V in y chu 
10 ranlacement password from a user. 

The present invention distinguishes from the abovwnentioneij Casio Computer 
Co. disclosure which is concerned with capturing a user's originally submitted 
password, storing it with his username within his terminal device, and instnarf nf 
using a step of requesting the user to enter his password and usemumc, r«Ad» out 
1 5 The. stored password end username. In this way. there is no username or password 
entered by the user at each access attempt, and therefore no possibility of Mv, u«|. r 
forgetting his details and having to contact authentication personnel lor password 
reset iupda:a). 

The present invention distinguishes from the abovemcn:ian 9f | Nippon 
.0 r-'-.^.^-u 3rid r,.;,;----,, Cj;po.'3tion disclosure '-..i-jch is concerned with 

authenticating a password update attempt by a combination of dinllMok »«curity. i.o. 
m . making contact with the user by calling him back on a telephone number known ro 
bo secure. *n<j requesting 3 second entry of the new password. 

Unless the context dearly requires otherwise, throughout the description ;md 
25 the claims, the words "comprise', "comprising' and rn« lik* to bo con*!,,,.* in 
an inclusive as opposed to an exclusive or exhaustive sense; thot is rn *-, y . ir, the 
:=■";=■ -~. including. •-• 
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. CLAIMS * • • ' ■ 

V. A mftthod o/ password update for a password protect 0CCeS s system 

Having a password store in which «ach entry is constituted by a rcspentiv* naiwork 
5 t*rmi,n,l iJumity store and an associated respective password store, iho method 
comnrisiiuj Vliu steps oJ: 

receiving at a password update service a call from a network luminal; 
retrieving by the password update service from signalling, i,,M,m,*tion of that 
.reived call the identity of the network terminal from which thai <u.|| was made: 
10 accessing the password siore in accordance with the retrieved network 

Ifirrninol identity: and 
characterised hy the steps of: 

upon locating an entry whose stored network terminal identity. m A rch«.s that 
rairi*vcd network terminal identity, plaint, an announcement to tho callur rec»u. fS ».ir, t , 
1 5 th« «r»try «f 3 password at that network terminal; and 

upon receipt at rh« password update servica of a password uiuurad in 
r«™ fw ,.su to that request, writing (hat received password into «h»: ysaociuiud 
resuwciivo password store o> th» located entry. 

20 ?. a password yrot«ct H d access systam having a password atwrv in which 

each entry is constituted by » respective nerwork terminal identity store and an 
assorted respective password store, and including 3 password update syr.tnm 
Gornpriyiritj,' 

mucins for receiving a call from a network terminal: 
• rnwuns for retrievin 0 from signalling information of UuH received call rlia 
idrtnuiy »t the network terminal from which that call w a » mad«; ant i 

means for accessing the password store in accordance with tn« retrieved 
network terminal identity; and 
r.h.-jracterisflcj by: 

means responsive u» ; , 5 uce^ fU | location of an entry whouc sror*r» .■miwyrk 
terminal identity matches thot retried network terminal identity, for pMyi» H a „ 
anno, J n«:<..,n- 3 nt to the e.ller ,«qu«stin S ,»„ amry of 8 pasiiWurJ at thal , 10 , W() , k 
tormin.il; and 



25 



30 
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means responsive to receipt of a password entered in r«sponse to that 

request, for writing that received password Into the associated r« P e C ,ive password 
sti.tr»? of the located entry, 

5 3. A method of registering a new user of o password protected access system 
having a password more in which eaeh entry is constituted by a respertivo network 
terminal identity stora and an associated respective password stnre. the method 
rnmprisiny the steps of: 

receiving at a password management service a call from a network luminal; 
10 retrieving by the password manayerneni service from siynaMinM information 

of thul received cull the identity 0 f t he network terminal from which that call was 
muctu; 

accessing the password storo in accordance with tho rctrievod network 
terminal identity; 

lb upon railure to locate an entry whose stored network terminal idimnry 

matches rh*( retrieved network. terminal identity, making a new antry in respect of 
- terminal identity; 
fjlayiny an announcement to th« caller requesting th^mry of password at 
that network terminal; and 
>V upon receipt at the password management ; of a , 1M ,w«rd c „i 0 r«d in 

retpnnse to that request, writing that received password into trw associated 
rflspHdivu password store of the newly made entry. 

4. A password protected access system having a password siur« i„ whiuh 

2o uuch entry j« constituted by a respect network terminal id«nciiy kIwh and an . 
related respective p« S! ,word store. am j Including a password m»n<iy«menl 
sysletn comprising: 

means fgr receiving u call from a network terminal; 

means for retrieving from signalling information of that received «:ali rh« 
identity of The network terminal from which that call was made; and 

means for accessing the password store in accordance with the retrinved 
network terminal identity; and 
charaerwri^Hd l> V ; 
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means responsive to an unsuccessful location of it r, vnlry whose shared 
network terminal identity matches that retried network terminal ident.ry, for 
making a new entry in r„ p « [of rnar ratfioved notvVork Te p min3 , ; dentity ani1 (or 
inhering rhe playing gf an announcement to the eafl*r requesting rho cniry or a 
I«is3wurd ok that network terminal; and 

m*atis responsive to receipt of a password entered in nsap 0rn! „ to that 
request, for wriring that received password into the associated rcspoetivc password 
store or the newly made entry. 



10 



5. A method of user authentication in a password protects! a CC , JJ<5 sy*,*™ 

having a password store in which each entry is constituted by a respective user. 
n».™.v*d network terminal Entity and an associated rcsp^iiv* password, the 
medivif comprising Maps of; 

!m response to receipt at the password protected access systum of a call 
15 it cu ,„ og US8r at a ne i work terminal> reqiJ8St i n g lne caning usef Xa untcr 8l ihai 

netw«,k terminal his nominated terminal iduniliy and password; 
receiving the entered tormina! identity and password: 

accessing the password store in accordance with -.h B received cnterari 
tu.-mi.-uii igy.'ijjty; and 

*° " pon ,ocali ' 1 n an a,ur V wnosa stored network terminal id„nlity and 

*«s«ci*ted password mmr.li ,»,« received entered terminal identity ami ,,;, S *word. 
authenticating that nailing user. 

6. A method of password update for a password protected access system, the 
25 method bei„ ft as claimed in claim i , n4 substantially as hereinbefore described will. 
roturunuM u> the drawing. 

I. A password protected access system as r.laimcd in claim 2. and 

suUsUmiielly as herainb*for B described with reference to the drawin.j. 



0. A method of registoring a new user of a password protected ucccy* system, 

the method being as claimed in C | U - irn 3 and substantially as hereinbefore* described 
with raf«rence to the drawing. 
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•O. A password proieeted aceaw system « claimed m claim 4. and 

snhHiomially as h«r«inb«fora rtaacrlberf with r 0 /»r«ne« to th« drawing 

5 10. A method gt u$cr airihwBeolion in a password protected access , Y3Wl „ 
thn methou boing as claim In c| a im 5 a „cl substantially as h.r.inb.f«r* d^bed 
with rnforcntc to lht» drawing. 
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